from the and-now-what? dept

We were somewhat surprised to see Microsoft recently admit that in the wake of the revelation that the NSA had infiltrated the private data links between Yahoo and Google's data centers that it had not yet decided to encrypt its own such links. Google had very quickly moved to encrypt those links and Yahoo has recently done so as well (though it took a little while). Now Microsoft is saying that it's going to do the same thing.

While the revealed documents did not directly point to a similar infiltration of Microsoft, there's reason to believe it was also compromised. Other Snowden documents mentioned in the linked article above note that Microsoft is listed as having data accessible under the same program, referred to as MUSCULAR. Perhaps more interesting is Microsoft making it clear that it believes any such infiltration would be a serious legal violation:

When asked about the NSA documents mentioning surveillance of Microsoft services, Smith issued a sharply worded statement: “These allegations are very disturbing. If they are true these actions amount to hacking and seizure of private data and in our view are a breach of the protection guaranteed by the Fourth Amendment to the Constitution.”

Of course, just because something is a Constitutional violation doesn't necessarily mean that there's much of a legal remedy. Any lawsuit would immediately lead to claims of sovereign immunity and national security to try to kill off any such lawsuit. It's the same thing the feds have done every time they've been challenged on this stuff. The only real way to deal with this is to make sure that the companies actually protect user data in a manner that makes it nearly impossible for the government to break in as it has in the past.

Re:

I don't get it, people have known for years that those links were vulnerable, maybe even enemies of the US, those companies have servers all around the world and they didn't thought others would peek?

Not really true. Most people quite reasonably assumed that those links weren't vulnerable, because they're not accessible to the outside world. Just like, if I have two computers connected at home, I don't encrypt the data exchange between them because I have a reasonable belief that no one unauthorized is sitting between them.

The issue here is that it appears that *most likely* an outside party, such as Level3 who helped run these networks, gave the NSA access (perhaps under court order). But an outside party, such as the "enemies of the US" you state, wouldn't have access to these links directly. So not sure how they would go about getting access. NSA is able to because it can issue a court order and force Level3 to throw a tap on the line. Not so much with others.

Denton does admit there is one change to existing US law, something only a maximalist would be happy to see -- a provision that would allow rights holders to pursue criminal charges against those who "aid and abet" copyright infringement. Great news! That means you no longer have to actually infringe to be held criminally accountable. All you have to do is be adjacent to it.

Perhaps you should dust off your dictionary and look up the term "aid and abet" then you will discover how far away "adjacent" is in meaning.

Re: Re:

I will disagree with you on this one, those connections are nothing like having a router at home, the right analogy would have me passing a long cable to the other apartment three stories up and never checking up on it, assuming nobody would temper with it.

They are not accessible to the internet, they are accessible to a guy and a pair of pliers though, we all knew this for a long time and even the government knows this, that is why if you go digging in some places the secret service shows up.

The very least they could have done is encrypt the traffic, no need for fancy cabling full of sensors trying to sense tampering on the cables.

Further the more people start using the cloud the more attractive those things become, specially when money is involved so is just not governments that would want to try and tap it but also criminals.

So I will once again ask why the most basic security was not implemented a long time ago?

Was it because governments said they didn't want them to do it and they turned a blind eye to the problems with it?

Because that would be like having someone tell you not to implement a security feature because he is using that to do something else at the expense of everybody else that could be harmed by real criminals.

ps: I do encrypt all traffic in my home network, it costs nothing and it increases the layer of security.

Re: Re:

I will disagree with you on this one, those connections are nothing like having a router at home, the right analogy would have me passing a long cable to the other apartment three stories up and never checking up on it, assuming nobody would temper with it.

They are not accessible to the internet, they are accessible to a guy and a pair of pliers though, we all knew this for a long time and even the government knows this, that is why if you go digging in some places the secret service shows up.

The very least they could have done is encrypt the traffic, no need for fancy cabling full of sensors trying to sense tampering on the cables.

Further the more people start using the cloud the more attractive those things become, specially when money is involved so is just not governments that would want to try and tap it but also criminals.

So I will once again ask why the most basic security was not implemented a long time ago?

Was it because governments said they didn't want them to do it and they turned a blind eye to the problems with it?

Because that would be like having someone tell you not to implement a security feature because he is using it to do something else, at the expense of everybody that could be harmed by real criminals.

Do anybody ever uses paypal, send credit card info with any of those companies?Do any system administrator have access to that information?There are external and internal threats and the government although a worthy one is not the only.

I could go on and on, but hopefully this makes this little bit can make the point.

ps: I do encrypt all traffic in my home network, it costs nothing and it increases the layer of security.

Re: Re: Re:

As we have seen from the past anyone can get someone on the inside of any organization. The USSR was getting crypto keys from a naval officer back in the day.All the big pipe companies like level3 can and probably have been infiltrated.Hell look at all the companies that were making money from Uncle Sam by providing access to data under FISA and simple requests.All these companies can encrypt all they want, they will still hand over the keys when asked.What needs to change is laws that require the proper 4th amendment process to be put in place.

Re:

funny how companies are worried now about spying being 'unconstitutional'. they didn't worry about it when it was to their advantage, ie, gave them the ability to spy on who was using what software on their home computers, did they?

Backdoor in Windows ?

It is all fine that Microsoft says that NSA hacking is unconstitutional. But what about Windows ? The question that remains to be answered is this - we know that the NSA 'helped' Microsoft build certain parts of their code in Windows (apparantly this goes for all versions).

Now could there be a backdoor built into every single edition of Windows ? If so, then how much will encryption help, if the NSA has a direct 'open line' into every single Windows PC on the planet ?

Re: Backdoor in Windows ?

we know that the NSA 'helped' Microsoft build certain parts of their code

Yes, but only the cryptographic parts. You can easily avoid this by using quality crypto software that doesn't make use of the MS crypto api.

Now could there be a backdoor built into every single edition of Windows

There could, of course. It's even widely believed in the industry that there is (mostly because of the NSA_KEY business). Nobody knows for sure, though, and in my work (tangentially related to this stuff) I have seen a number of signs that either there is no backdoor or it is very difficult to use.

If so, then how much will encryption help, if the NSA has a direct 'open line' into every single Windows PC on the planet ?

It helps a lot. For someone to use a backdoor, they have to target you, specifically. They have to know your IP address, for instance. Bulk collections of communications would be much more difficult if everything was encrypted even if every machine also had a back door installed.

Re: Re:

The Obvious

I have a question.Since the well orchestrated Terror attack played out on September 11th 2001,WHAT "LAW" HAS BEEN IMPLEMENTED BY THE FOREIGN ENEMIES PLACED INTO POWER TRAITORS OF A 100% CORRUPTED CONGRESS OR the "HIGH TREASON" ENEMY OF ("WE THE PEOPLE") ALL PRESIDENTS SINCE REAGAN THRU OBAMANATION WITH THEIR GOD DAMNED EXECUTIVE ORDERS AND DELIBERATE BANKRUPTING OF THIS FALLEN NATION WHILE ENSLAVING US ALL, HAS """NOT""" BEEN U-N-C-O-N-S-T-I-T-U-T-I-O-N-A-L ? We already know the people will NEVER resist or Unite, We are living through historic times. America is the most docile, domesticated, never before seen, human race, unable to recognize they are SLAVES, They truly believe they are still free, unable to stand up for their fundamentals 2+2 human being rights, willfully forfeiting with NO resistance, out of FEAR. Americans wont even stand up for their countrymen when a cop beats them to death for a half hour. TOO many incidents to count. Kelly Thomas, Milton Hall, Occupy Wall Street, Bradley Manning, or the millions sitting in foreign run private prisons this HIGH TREASONOUS govt guaranteed to keep 90% full which make up 92% of the prisons in this desolated nation. Heck even the VP Dick Cheney invested 70 million of his own money in the Van Guard Group, to profit off Americans in jail that never committed a crime.It is becoming amusing and yet still feel overwhelming pity for the 99% of the population who have NO idea what is really going on. He who will deceive the Whole world, has succeeded.